{"id":"CVE-2025-38146","summary":"net: openvswitch: Fix the dead loop of MPLS parse","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: openvswitch: Fix the dead loop of MPLS parse\n\nThe unexpected MPLS packet may not end with the bottom label stack.\nWhen there are many stacks, The label count value has wrapped around.\nA dead loop occurs, soft lockup/CPU stuck finally.\n\nstack backtrace:\nUBSAN: array-index-out-of-bounds in /build/linux-0Pa0xK/linux-5.15.0/net/openvswitch/flow.c:662:26\nindex -1 is out of range for type '__be32 [3]'\nCPU: 34 PID: 0 Comm: swapper/34 Kdump: loaded Tainted: G           OE   5.15.0-121-generic #131-Ubuntu\nHardware name: Dell Inc. PowerEdge C6420/0JP9TF, BIOS 2.12.2 07/14/2021\nCall Trace:\n \u003cIRQ\u003e\n show_stack+0x52/0x5c\n dump_stack_lvl+0x4a/0x63\n dump_stack+0x10/0x16\n ubsan_epilogue+0x9/0x36\n __ubsan_handle_out_of_bounds.cold+0x44/0x49\n key_extract_l3l4+0x82a/0x840 [openvswitch]\n ? kfree_skbmem+0x52/0xa0\n key_extract+0x9c/0x2b0 [openvswitch]\n ovs_flow_key_extract+0x124/0x350 [openvswitch]\n ovs_vport_receive+0x61/0xd0 [openvswitch]\n ? kernel_init_free_pages.part.0+0x4a/0x70\n ? get_page_from_freelist+0x353/0x540\n netdev_port_receive+0xc4/0x180 [openvswitch]\n ? netdev_port_receive+0x180/0x180 [openvswitch]\n netdev_frame_hook+0x1f/0x40 [openvswitch]\n __netif_receive_skb_core.constprop.0+0x23a/0xf00\n __netif_receive_skb_list_core+0xfa/0x240\n netif_receive_skb_list_internal+0x18e/0x2a0\n napi_complete_done+0x7a/0x1c0\n bnxt_poll+0x155/0x1c0 [bnxt_en]\n __napi_poll+0x30/0x180\n net_rx_action+0x126/0x280\n ? bnxt_msix+0x67/0x80 [bnxt_en]\n handle_softirqs+0xda/0x2d0\n irq_exit_rcu+0x96/0xc0\n common_interrupt+0x8e/0xa0\n \u003c/IRQ\u003e","modified":"2026-05-28T03:55:39.992252730Z","published":"2025-07-03T08:35:52.230Z","related":["SUSE-SU-2025:03272-1","SUSE-SU-2025:03290-1","SUSE-SU-2025:03301-1","SUSE-SU-2025:03382-1","SUSE-SU-2025:03602-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20653-1","SUSE-SU-2025:20669-1","SUSE-SU-2025:20739-1","SUSE-SU-2025:20756-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","openSUSE-SU-2025:20081-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38146.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/0bdc924bfb319fb10d1113cbf091fc26fb7b1f99"},{"type":"WEB","url":"https://git.kernel.org/stable/c/3c1906a3d50cb94fd0a10e97a1c0a40c0f033cb7"},{"type":"WEB","url":"https://git.kernel.org/stable/c/4b9a086eedc1fddae632310386098c12155e3d0a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/69541e58323ec3e3904e1fa87a6213961b1f52f4"},{"type":"WEB","url":"https://git.kernel.org/stable/c/8ebcd311b4866ab911d1445ead08690e67f0c488"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ad17eb86d042d72a59fd184ad1adf34f5eb36843"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f26fe7c3002516dd3c288f1012786df31f4d89e0"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38146.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-38146"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"fbdcdd78da7c95f1b970d371e1b23cbd3aa990f3"},{"fixed":"4b9a086eedc1fddae632310386098c12155e3d0a"},{"fixed":"ad17eb86d042d72a59fd184ad1adf34f5eb36843"},{"fixed":"f26fe7c3002516dd3c288f1012786df31f4d89e0"},{"fixed":"8ebcd311b4866ab911d1445ead08690e67f0c488"},{"fixed":"69541e58323ec3e3904e1fa87a6213961b1f52f4"},{"fixed":"3c1906a3d50cb94fd0a10e97a1c0a40c0f033cb7"},{"fixed":"0bdc924bfb319fb10d1113cbf091fc26fb7b1f99"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38146.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"5.5.0"},{"fixed":"5.10.239"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.186"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.142"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.94"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.34"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.15.3"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38146.json"}}],"schema_version":"1.7.5"}